Wednesday 7 March 2018

security - How do I safely investigate a USB stick found in the parking lot at work?

I work at an embedded software company. This morning I found a USB stick in the parking lot in front of the building. With all the stories of "dropped USB stick attacks" in mind, I'm obviously not going to just plug it into my laptop. OTOH, I'm curious to know whether this was actually an attempt to compromise our systems, or it's really just an innocent case of somebody accidentally losing a USB stick. How do I safely inspect the USB stick without risking exposure?


I'm worried not just about malware and crafted file system images; there's also stuff like power surge attacks:
'USB Killer 2.0' Shows That Most USB-Enabled Devices Are Vulnerable To Power Surge Attacks.


EDIT: Many of the answers seem to assume I want to keep the drive and use it afterwards. I have no interest in that at all; I know USB sticks are cheap, and that it wouldn't be mine to keep anyway. I only want to know whether this was indeed a semi-targeted attack, partly out of curiosity whether this actually happens in real life and not just in security papers, but also so that I could warn my coworkers.


I want to know how I would figure out whether the stick contains malware. And that's not just a matter of looking at the drive contents and seeing a suspicious autorun.inf or a carefully crafted corrupt file system - I very much also want a way to inspect the firmware. I sort of expected that there were tools for extracting that and comparing it to known-good or known-bad binaries.
